<?php
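// Access control: only a logged-in administrator may reach this page.
session_start();

// Read the session fields defensively so that a missing key is treated as
// "not authorised" instead of raising an undefined-index notice.
$sessionUser = isset($_SESSION["user"]) ? $_SESSION["user"] : "";
$sessionType = isset($_SESSION["type"]) ? $_SESSION["type"] : "";

// Strict comparison on the role: with a loose "!=" a non-string session
// value (boolean true, or integer 0 on PHP < 8) compares equal to "admin".
$error = ($sessionType !== "admin")
	|| !is_scalar($sessionUser)
	|| ((string)$sessionUser === "");

if($error)
{
	// Drop whatever session state exists before sending the visitor to login.
	session_unset();
	session_destroy();

	header("Location: login.php");
	exit; // nothing below may run for an unauthorised visitor
}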

// Project configuration (presumably the source of the DB_* constants used
// below - confirm) and the MySQL wrapper class.
require "include/config.inc.php";
require "include/mysql.inc.php";

// Open the database connection shared by the rest of this page.
$db = new MySQL;
$db->connect(
	DB_HOST,
	DB_USER,
	DB_PASSWORD,
	DB_NAME,
	DB_DEBUG
);

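// ---------------------------------------------------------------------
// Request handling: delete (GET action=del&id=...) or insert (POST to
// ?action=ins) a row of table Utente.
//
// Every value read here comes straight from the request and ends up inside
// a single-quoted SQL literal. The API of the MySQL wrapper is not visible
// from this file, so the query strings are kept as they are and the inputs
// are validated instead: a value that is not a plain string, or that
// contains a character able to close or escape the literal (' or \), is
// refused and no query is sent.
// NOTE(review): prefer prepared statements or the driver's own escaping if
// include/mysql.inc.php offers them.
// NOTE(review): both actions change data without an anti-CSRF token, and
// the delete is triggered by a plain GET link. Moving it to POST with a
// per-session token needs a matching change in the form and list markup.
// NOTE(review): passwords are hashed with MySQL's password() function and
// the form caps them at 6 characters; a dedicated password hash
// (password_hash() where the PHP version has it) is the usual replacement.
// ---------------------------------------------------------------------
$action = isset($_GET["action"]) ? $_GET["action"] : "";
$id = isset($_GET["id"]) ? $_GET["id"] : "";

$username = isset($_POST["username"]) ? $_POST["username"] : "";
$password = isset($_POST["password"]) ? $_POST["password"] : "";
$email = isset($_POST["email"]) ? $_POST["email"] : "";
$tipo = isset($_POST["tipo"]) ? $_POST["tipo"] : "";

// Always defined, so the template never echoes an unset variable.
$msg = "";

if(($action === "del")&&($id !== ""))
{
	// is_string() also rejects the array form (?id[]=...).
	if(is_string($id) && (strpos($id, "'") === false) && (strpos($id, "\\") === false))
	{
		$db->query("DELETE FROM Utente WHERE username = '$id'");
	}
}

if($action === "ins")
{
	if($tipo === "")
		$tipo = "user";

	// All four fields must be non-empty strings free of ' and \.
	$valid = true;
	foreach(array($username, $password, $email, $tipo) as $value)
	{
		if(!is_string($value) || ($value === "") || (strpos($value, "'") !== false) || (strpos($value, "\\") !== false))
			$valid = false;
	}

	// The role is limited to the two options the form offers, so a crafted
	// POST cannot store an arbitrary value in the privilege column.
	if(!in_array($tipo, array("user", "admin"), true))
		$valid = false;

	// Same address format the form's JavaScript checks, enforced server-side
	// because the browser check can be skipped (case-insensitive here).
	if($valid && !preg_match('/^[_a-z0-9+-]+(\.[_a-z0-9+-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/iD', $email))
		$valid = false;

	if($valid)
	{
		$db->query("INSERT INTO Utente (username, password, tipo, e_mail) VALUES ('$username', password('$password'), '$tipo', '$email')");
	}
	else
		$msg = "<tr><td style=\"text-align: center; color: red;\">
					<b>ATTENZIONE: Compilare tutti i campi presenti.<br>
					Non si possono inserire pi&ugrave; utenti con lo stesso nome.</b><br><br>
				</td></tr>\n";
}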
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<style type="text/css" media="print">
TD {font-size:11px; font-family="arial,helvetica"}
P {text-indent:-10; text-align="justify"; margin-left:10;}
A:link {color: #44aaaa; text-decoration: underline;}
A:active {color: #000000; text-decoration: underline;}
A:visited {color: #227788; text-decoration: underline;}
A:hover {color: #000000; text-decoration: none; }
BODY {font-size:12px; font-family="arial,helvetica";}
FORM {margin-top:5}
</style>
<style type="text/css" media="screen">
TD {font-size:13px}
P {text-indent:-10; text-align="justify"; margin-left:10;}
A:link {color: #44aaaa; text-decoration: underline;}
A:active {color: #000000; text-decoration: underline;}
A:visited {color: #227788; text-decoration: underline;}
A:hover {color: #000000; text-decoration: none;}
BODY {background-image: url(images/captext.gif); font-size:14px}
FORM {margin-top:5}
</style>
	
<script type="text/javascript" language="javascript">
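	/**
	 * Pre-submit check for the "user" form: every field must be filled in
	 * and the e-mail must match a simple address pattern.
	 *
	 * This runs in the browser only and can be skipped by any client, so it
	 * is a usability aid; the server must validate the same fields itself.
	 *
	 * @returns {boolean} true to let the form submit, false to block it.
	 */
	function ctrl()
	{
		var frm = document.getElementById("user");
		// "i" flag: addresses typed with upper-case letters are valid too.
		var espressione = /^[_a-z0-9+-]+(\.[_a-z0-9+-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

		var incompleto = (frm.username.value == "")
			|| (frm.password.value == "")
			|| (frm.email.value == "");

		if (incompleto)
		{
			alert("Attenzione, compilare tutti i campi del modulo.");
			return false;
		}

		if (!espressione.test(frm.email.value))
		{
			alert("Attenzione, indirizzo email non valido.");
			return false;
		}

		return true;
	}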
</script>

</head>

<body>
<center>
<font color="#228888" size="4"><br><br><b>BACHECA: UTENTI</b><br><br></font>
</center>
<center>

<form id="user" name="user" method="post" action="utenti.php?action=ins">
	<table style="width: 90%; text-align: left; margin-left: auto; margin-right: auto;" border="0" cellpadding="2" cellspacing="2">
		<tr>
			<td style="text-align: center;"><br>Compilare tutti i campi per inserire un nuovo utente.<br><br></td>
		</tr>
		<tr align="center">
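			<?php /* $msg is only assigned when an insert is rejected */ echo isset($msg) ? $msg : ""; ?>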
			<table width="230px" border="0" cellspacing="0" cellpadding="0">
				<tr>
					<td style="width: 90px; height: 30px;"><b>Username:</b></td>
					<td style="height: 30px;"><input name="username" size="20" maxlength="15" type="text"></td>
				</tr>
				<tr>
					<td style="width: 90px; height: 30px;"><b>Password:</b></td>
					<td style="height: 30px;"><input name="password" size="20" maxlength="6" type="password"></td>
				</tr>
				<tr>
					<td style="width: 90px; height: 30px;"><b>eMail:</b></td>
					<td style="height: 30px;"><input name="email" size="20" maxlength="50" type="text"></td>
				</tr>
				<tr>
					<td style="width: 90px; height: 30px;"><b>Tipo:</b></td>
					<td style="height: 30px;">
						<select name="tipo" id="tipo">
							<option value="user">User</option>
							<option value="admin">Admin</option>
						</select>
					</td>
				</tr>
				<tr>
					<td>&nbsp;</td>
					<td>&nbsp;</td>
				</tr>
				<tr>
					<td style="width: 90px;">&nbsp;</td>
					<td align="right"><input name="go" type="submit" id="go" value="Inserisci" onclick="javascript: return ctrl();"></td>
				</tr>
			</table>
		</tr>
	</table>
</form> 
<br><br><br><br>
<?php
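// List every row of Utente with a delete link.
// The column values were originally typed into the form on this page, so
// each one is HTML-escaped before it is written into the markup (the page
// declares UTF-8), and the username is URL-encoded before it goes into the
// delete link's query string.
// NOTE(review): the stored password value is rendered for every user;
// consider dropping that column from the listing.
$db->query("SELECT * FROM Utente");

if($db->get_num_rows() > 0)
{
	echo "<span style=\"text-align: center; font-weight: bold; color: black;\">Utenti Registrati<br><br></span>";
	
	while($row = $db->fetch_array())
	{
		// rawurlencode() output contains only URL-safe characters, so it can
		// be placed inside the double-quoted href attribute as is.
		$userUrl = rawurlencode((string)$row["username"]);
		$userHtml = htmlspecialchars((string)$row["username"], ENT_QUOTES, "UTF-8");
		$passHtml = htmlspecialchars((string)$row["password"], ENT_QUOTES, "UTF-8");
		$mailHtml = htmlspecialchars((string)$row["e_mail"], ENT_QUOTES, "UTF-8");
		$tipoHtml = htmlspecialchars((string)$row["tipo"], ENT_QUOTES, "UTF-8");

		echo "<table style=\"table-layout: fixed; width:90%; margin-left: auto; margin-right: auto;\">
			  <tr bgcolor=\"#FFDFBF\">
			  	<td style=\"text-align: center;\" width=\"20px\">
					<a href=\"utenti.php?action=del&id=" . $userUrl . "\" title=\"Elimina\" onclick=\"javascript: return(confirm('Eliminare l\'utente selezionato?'))\">
						<img src=\"images/msg_del.png\" alt=\"Elimina\" style=\"border: 0px;\" width=\"14px\" height=\"14px\">
					</a>
				</td>
				<td><b>Username:</b> " . $userHtml . "</td>
				<td><b>Password:</b> " . $passHtml . "</td>
				<td><b>eMail:</b> " . $mailHtml . "</td>
				<td><b>Tipo:</b> " . $tipoHtml . "</td>
			  </tr>
			  </table>";
	}
}
else
	echo "<span style=\"text-align: center; font-weight: bold; color: black;\">Non ci sono utenti registrati.</span>";

// Release the result set and the connection once the list is rendered.
$db->free_result();
$db->close();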
?>
<br>
<table style="width: 90%; text-align: left; margin-left: auto; margin-right: auto;" border="0" cellpadding="2" cellspacing="2">
<tr><td align="center"><a href="admin_opt.php">Torna Indietro</a></td></tr>
</table>
</center>
<br>
<table bgcolor="#88CCCC" border="0" cellpadding="1" cellspacing="0" width="100%">
<tr>
	<td> Ultima modifica: <?php echo date("d/m/Y");?></td>
	<td align="right"> Approvato da: Presidente CCdL</td>
</tr>
</table>
</body>
</html>
